From nobody Fri Jun 28 12:06:43 2024 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4W9Z104Fw7z5JtGv for ; Fri, 28 Jun 2024 12:06:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4W9Z0z2jQgz40dt for ; Fri, 28 Jun 2024 12:06:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1719576403; a=rsa-sha256; cv=none; b=qitH6kaGEcWUp4k3ZHlA+RmrckGKB+oc/aEUpW70Ae6ykqhV7ONOYzuB6sodfQ6JOOgwPF QiR8ZS+Vdsg/JDLK+2cGu2Hlm1Id45gEi/rdlcEsoiEK/VmSPl03rAvHgStVrhxVMeNCyg 4zG+KLHqs8X1/QoZg1Te5irXIQ1X2q5pAfBtmIf3LTpJHIoPomOD/yHmYDpRsaPlV9MRWh oko6ffuNT7czqzSBP4XSbVcOyooU3ikzn4Hzq5ID0BUe6Ez6YJTdlKFrqZqCqxD8ksTXT/ rsoMB6HcaBN4pP5avhh6K0HB0oKD/F2NiQziIpN3lytD+GM7I80FR+B4c4A0SQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1719576403; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hMtOIBDigasn8T9kPpiiCUeSGxQVc0uuEFCWUkgKvfk=; b=CsmgD51glad1bgKZJzghqEnMFNIFYL3mtANlbdYTs0au5puI3Z61LhSC+kIVRBGZsAV/LG BW/RKVFqnfqQYFucxBdm2KnWIUumUufY5UerJ77eNfKzU0sWcuULtEtT/vdk+CMNB0/emA +TmvB9ER6XNZOYGloYy6v8lvdonuqW7h6JgByuhbxCKlUc3JOmdoriPUbPw3t+TITCHVFS +CYgCZaCAEr30Kt61HIU9487mtdHpNxxyATWT5TTUSlrY9VhBR/XCwfVB0pPzRPg3xx8Ky CP8ChGGV0c0Pz+12qs2376OpCIy1LaiKVO0V3Bg0EJxr4Dqx1LAa8mM4KfyQaQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4W9Z0z2By1zvhq for ; Fri, 28 Jun 2024 12:06:43 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 45SC6hY0080995 for ; Fri, 28 Jun 2024 12:06:43 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 45SC6hA8080994 for ports-bugs@FreeBSD.org; Fri, 28 Jun 2024 12:06:43 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 280035] net/krill: Update to version 0.14.5 Date: Fri, 28 Jun 2024 12:06:43 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: jaap@NLnetLabs.nl X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform bug_file_loc op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-ports-bugs@freebsd.org Sender: owner-freebsd-ports-bugs@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280035 Bug ID: 280035 Summary: net/krill: Update to version 0.14.5 Product: Ports & Packages Version: Latest Hardware: Any URL: https://nlnetlabs.nl/news/2024/Jun/27/krill-0.13.2-0.1 4.5-released/ OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: jaap@NLnetLabs.nl Attachment #251743 maintainer-approval+ Flags: Created attachment 251743 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D251743&action= =3Dedit Patch to update This fixes an issue that causes Krill to panic if a CA with multiple parents and children have one of their parents removed, causing the children to try and revoke their certificates for that parent. This is relevant for Krill instances under NIC.br that themselves have children. In addition, the releases update the HTTP library to avoid a possible denial-of-service attack described in RUSTSEC-2024-0332. If you are exposing Krill=E2=80=99s HTTP server directly to the Internet without a rev= erse proxy such as Nginx in between, we advise you to update at your earliest convenience. Version 0.14.5 in addition fixes an issue with encoding empty CRLs and empty RRDP deltas as well as a possible freeze when trying to access the RIS data while it is being downloaded. It also adds support for overriding the manifest number for trust anchor CAs. The complete list of changes can be found in the release notes at https://github.com/NLnetLabs/krill/releases/tag/v0.14.5 --=20 You are receiving this mail because: You are the assignee for the bug.=